Claims



What is claimed is:

1. A method of creating a digital certificate for a user comprising:

deriving a first data set containing data pertaining to the user and useful to an issuing party issuing the digital certificate;

associating a user public key with the first data set thereby creating a second data set, the user public key and a corresponding user private key both generated and authenticated before the creation of a digital certificate by the issuing party;

encrypting the second data set using an issuer private key;

creating a digital certificate containing the user public key, the first data set, and the encrypted second data set, the digital certificate being identifiable by an issuing-party identifier; and

storing the digital certificate at a user-allotted memory segment of a certificate library, in which one or more digital certificates for the user can be stored at the user-allotted memory segment.

2. A method as recited in claim 1 further including associating a certificate chain with the digital certificate, the certificate chain having a trusted root, the trusted root being different from other trusted roots stored at the user-allotted memory segment.

3. A method as recited in claim 2 further including using the Public Key Infrastructure (PKI) to configure the digital certificate and the associated certificate chain, thereby creating one PKI, and storing two or more PKIs at the user-allotted memory segment of the certificate library.

4. A method as recited in claim 2 further including using the Digital Encryption Standard (DES) shared-key system to configure the digital certificate and the associated certificate chain, and storing two or more DES shared-key systems at the user-allotted memory segment of the certificate library.

5. A method as recited in claim 1 further including accessing the digital certificate in the certificate library using the issuing-party identifier.

6. A method as recited in claim 1 further including accessing the digital certificate in the certificate library using a merchant-specific identifier.

7. A method as recited in claim 1 further including determining which party signed the encrypted second data set by retrieving a public key from another digital certificate.

8. A method as recited in claim 7 further including decrypting the encrypted second data set and comparing the decrypted second data set with the second data set.

9. A method as recited in claim 1 further including presenting a text string to be signed by the corresponding private key.

10. A method as recited in claim 1 further including laying down a cryptographic infrastructure before the issuing party issues the digital certificate, wherein the cryptographic infrastructure includes:

generating and authenticating the user public key and corresponding private key;

creating the certificate library; and

allocating the user-allotted memory segment.

11. A method as recited in claim 10 further comprising minting and distributing a chip card to a user.

12. A method as recited in claim 1 wherein the certificate library is a Lightweight Directory Access Protocol (LDAP) server.

13. A method of authenticating a user presenting a chip card to an entity, the method comprising:

reading a certificate library address from the chip card;

accessing a certificate library memory segment using the certificate library address;

searching the certificate library memory segment for a digital certificate having an entity identifier and followed by a digital certificate chain; and

traversing the digital certificate chain beginning with the digital certificate tagged by the entity identifier until a trusted root certificate is reached.

14. A method as recited in claim 13 further including storing a user private key and the certificate library address on the chip card.

15. A method as recited in claim 13 wherein the certificate library is a Lightweight Directory Access Protocol (LDAP) server.

16. A method as recited in claim 13 further including storing additional digital certificates having different entity identifiers at the certificate library memory segment.

17. A method as recited in claim 16 further including associating additional digital certificate chains with the additional digital certificates, each certificate chain having its own trusted root.

18. A method as recited in claim 13 wherein searching the certificate library memory segment for a digital certificate further includes using specific parameters further specifying which portion of the certificate library memory segment contains a digital certificate issued by the entity.

19. A certificate library having a plurality of user-specific memory segments, each user-specific memory segment storing a plurality of digital certificates issued to a user, each digital certificate identifiable by an issuer-identifier and being associated with a trusted root certificate and each digital certificate having the same user public key.

20. A computer-readable medium containing programmed instructions arranged to authenticate a user presenting a chip card to an entity, the computer-readable medium including programmed instructions for:

reading a certificate library address from the chip card;

accessing a certificate library memory segment using the certificate library address;

searching the certificate library memory segment for a digital certificate having an entity identifier and followed by a digital certificate chain; and

traversing the digital certificate chain beginning with the digital certificate tagged by the entity identifier until a trusted root certificate is reached.
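
The lookup and chain traversal of claims 13 and 20, combined with the decrypt-and-compare check of claims 7 and 8, sketched in Python as an added example that is not part of the patent text. Textbook RSA on constructed keys stands in for the issuer-private-key encryption, and the record layout, the `None` tag on chain certificates, the library address and the pinned `trusted_roots` map held by the entity are all assumptions.

```python
import hashlib

def make_key(p, q, e=65537):
    """Textbook RSA (n, e, d) from two primes. Unpadded, illustration only."""
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

def digest(cert, n):
    # "Second data set": first data set (subject, entity tag) plus the public key.
    data = f"{cert['subject']}|{cert['entity_id']}|{cert['pub']}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(subject, entity_id, pub, issuer, issuer_key):
    n, _, d = issuer_key
    cert = {"subject": subject, "entity_id": entity_id, "pub": pub, "issuer": issuer}
    cert["enc"] = pow(digest(cert, n), d, n)  # encrypted with the issuer private key
    return cert

def verify(cert, issuer_pub):
    # Claims 7-8: decrypt with the issuer's public key and compare.
    n, e = issuer_pub
    return pow(cert["enc"], e, n) == digest(cert, n)

def authenticate(card, library, entity_id, trusted_roots):
    """Claim 13 flow. Returns the subjects up to a pinned root, else None."""
    segment = library.get(card["library_address"], [])
    chain_certs = {c["subject"]: c for c in segment if c["entity_id"] is None}
    cert = next((c for c in segment if c["entity_id"] == entity_id), None)
    path = []
    while cert is not None and cert["subject"] not in path:
        path.append(cert["subject"])
        parent = chain_certs.get(cert["issuer"])
        if parent is None or not verify(cert, parent["pub"]):
            return None  # broken link or altered certificate
        if parent is cert:  # self-signed: accept only a root the entity has pinned
            return path if trusted_roots.get(cert["subject"]) == cert["pub"] else None
        cert = parent
    return None

# Constructed sample data: keys built from Mersenne primes, one user segment.
ROOT, CA, SHOP = (make_key(2**107 - 1, 2**127 - 1), make_key(2**61 - 1, 2**89 - 1),
                  make_key(2**19 - 1, 2**31 - 1))
USER_PUB = (0xC0FFEE, 65537)  # placeholder; the same user key in every certificate
LIBRARY = {"ldap://library.example/u=alice": [
    issue("alice", "bank", USER_PUB, "bank-ca", CA),
    issue("bank-ca", None, CA[:2], "bank-root", ROOT),
    issue("bank-root", None, ROOT[:2], "bank-root", ROOT),
    issue("alice", "shop", USER_PUB, "shop-root", SHOP),
    issue("shop-root", None, SHOP[:2], "shop-root", SHOP),
]}
CARD = {"library_address": "ldap://library.example/u=alice"}
```

Because the segment is only a lookup store, the traversal accepts a chain only when its self-signed end matches a root key the relying entity already holds; a root that appears solely in the library is rejected.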